Debugging containers using sysdig

Sysdig is an awesome tool that can be used for many purposes, including monitoring, logging, process debugging, network analysis, and exploring a system in depth. Plus, it includes fantastic Linux container support. It's also scriptable and can be fed with recorded captures of real traffic for offline analysis. It's an incredible tool, and every person working with containers should know at least its basics; as infrastructure developers used to working with code, we know how important debugging tools are. Sysdig is no different, and we'll now discover some of its fantastic features related to containers.

Getting ready

To step through this recipe, you will need:

  • A working Docker installation
  • Sysdig installed and running on the host

How to do it...

Installing sysdig is easy on most platforms, including CoreOS (http://www.sysdig.org/install/). However, if you're in a hurry, here's a one-liner that will do the job of installing Sysdig on your Linux host. Note that it pipes a remote script straight into a root shell; we'd probably choose a better way to deploy it programmatically though, such as Ansible or Chef, whether through a Docker container or not:

$ curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | sudo bash

Here's how to get an htop-like view of all the running containers on the system:

$ sudo csysdig --view=containers

The F2/Views menu offers many different views of what's running, from processes to syslog to open files, and even the Kubernetes, Marathon, or Mesos integration. Want to see which container is draining all of the I/O? You're at the right place:

Here's an example of a Tomcat container with a view of all the local and remote connections, IPs, ports, protocols, bandwidth, IOs, and the corresponding commands—terribly useful to find suspicious behavior:

Another useful tool is F5/Echo, which grabs whatever is transiting through this container: (un)encrypted content, logs, output, and more. It is also very useful for catching what's wrong with a container that is acting weird:

Another very powerful tool from sysdig is F6/Dig. This basically offers nothing less than a full-fledged strace for a container; imagine the debugging power it has:

The F8/Actions feature is a full Docker command integration tool available right from inside sysdig. Select a container and we'll be able to enter it, read logs, see its image history, kill it, and more:

Those commands are also always available right from the main interface: want to gain a shell on this selected container? Just type b.

These are just a few of the many powerful things we can do with Sysdig using Docker containers.
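
The introduction notes that sysdig is scriptable and can replay recorded captures offline. The script below is an added example, not part of the original recipe: it records one container's events to a file and replays them through sysdig chisels picked here as rough command-line counterparts of the csysdig views above. The function names, file paths, and the view-to-chisel mapping are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the recipe. Function names and paths are hypothetical;
# the view-to-chisel mapping is this example's own choice.
set -eu
SYSDIG=${SYSDIG:-sysdig}   # can be overridden with a stub for a dry run

# Build the sysdig filter for one container. Only characters Docker allows in
# container names are accepted, so the name cannot add extra filter terms.
container_filter() {
  case "$1" in
    ''|*[!A-Za-z0-9_.-]*) echo "invalid container name: $1" >&2; return 1 ;;
  esac
  printf 'container.name=%s' "$1"
}

# record NAME SECONDS FILE: capture only this container's events, then stop.
# -s 4096 keeps more of each I/O buffer, so the file holds payload data and
# is created with owner-only permissions.
record() {
  local filter
  filter=$(container_filter "$1") || return 1
  ( umask 077; sudo "$SYSDIG" -M "$2" -s 4096 -w "$3" "$filter" )
}

# replay VIEW NAME FILE: analyze a recorded capture offline (no root needed).
replay() {
  local filter
  filter=$(container_filter "$2") || return 1
  case "$1" in
    connections) "$SYSDIG" -r "$3" -pc -c topconns "$filter" ;;
    files)       "$SYSDIG" -r "$3" -pc -c topfiles_bytes "$filter" ;;
    echo)        "$SYSDIG" -r "$3" -pc -A -c echo_fds "$filter" ;;
    dig)         "$SYSDIG" -r "$3" -pc "$filter" ;;
    *) echo "unknown view: $1" >&2; return 2 ;;
  esac
}

# Usage: ./capture.sh record tomcat 60 /tmp/tomcat.scap
#        ./capture.sh replay connections tomcat /tmp/tomcat.scap
case "${1:-}" in
  record) record "$2" "$3" "$4" ;;
  replay) replay "$2" "$3" "$4" ;;
esac
```

The same capture file can also be opened interactively with `csysdig -r`, which gives the views described above over recorded data instead of the live host.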
